Cavanagh said the IDs in the database went up to about 6.7 million. However, there were some deleted accounts included in that number.

Although he doesn’t know if anyone pulled the data, Cavanagh said the worst should be assumed.

“I would say it is safe to assume that someone dodgy has your data,” he said.

“If you’ve used your [Ster-Kinekor] password anywhere else, stop reading this and go change it to something unique right now.”

The full details on how he found the vulnerability are available on his blog.

Ster-Kinekor responds

Ster-Kinekor responded to Cavanagh’s disclosure, stating it has been assured that customers’ data has not been appropriated for less-than-noble intentions.

When Cavanagh contacted the company about the website vulnerability last year, it was in the process of migrating to its new online system.

“Since being made aware of this state of affairs by Mr. Cavanagh, no further breaches have been detected,” said Ster-Kinekor.

“Ster-Kinekor was assured that our customers had not been exposed to ongoing harm and that their data had remained safe.”

The company said its new multi-million-rand world-class system offers all customers “the surety of knowing that the company takes the responsibility of ensuring the security of their personal information extremely seriously”.
